Coping with Access Control Requirements in the Context of Mutual Dependencies between Business and IT

R. Pilipchuk
Proceedings of the Central European Cybersecurity Conference 2018. Published 2018-11-15.
DOI: 10.1145/3277570.3277587 (https://doi.org/10.1145/3277570.3277587)
Citation count: 3

Abstract

IT security is ever more important due to rising cybercrime incidents, obligatory security laws and the need for organization-wide security strategies. Consequently, the business level of an organization (service design managers and compliance managers, according to ITIL) has to focus increasingly on: a) compliance with the rising number of laws, b) organization-wide IT security and c) the establishment of security strategies to secure critical business data. Therefore, close cooperation with IT is needed. This paper proposes an approach to close the gap between the business level and IT, with a focus on access control requirements coming from the business level. The approach eases the role engineering process for role-based access control and establishes traceability between business processes and access control requirements as well as enterprise architectures. Furthermore, it increases the compliance between enterprise architectures and access control requirements from business processes and makes it possible to understand the mutual dependencies of business processes, access control requirements and enterprise architectures in evolution scenarios.